The Cryptocurrency Worth $400K Stolen with Tor Browser
Cybersecurity firm Kaspersky claimed to have found an “ongoing disruptive cryptocurrency theft” that used Tor to mask its true intent. Tor is typically used to access the dark web, since it hides a user’s internet footprint.
According to Kaspersky, the perpetrators of the operation have so far this year earned over $400,000 in digital cash, which they took by targeting the online wallets of about 15,000 victims with malware.
Russia was the most severely impacted of the 52 nations targeted, but other countries that were affected included Belarus, which is regarded as a vital ally of the Kremlin, as well as Western countries including the US, Germany, the UK, and France.
This would seem to rule out the idea that the threat actors responsible for the cryptocurrency thefts, which have seen digital wallets used to store Bitcoin, Ethereum, Litecoin, Dogecoin, and Monero stolen, are motivated in any way by partisan allegiances.
It has long been believed that Russia allows cybercriminals to operate on its territory, but only if they do not harm the mother country or her allies.
However, according to Kaspersky, Russia is likely the major target because its inhabitants must rely on outsiders to install Tor, which is illegal in the nation, and on which the crypto-thieves also rely for the success of their robbery.
In an attack, the victim downloads a “trojanized” version of Tor Browser from a third-party source that contains a password-protected archive, according to the analyst.
The purpose of the password is to prevent detection by security solutions. Once the file is dropped inside the user’s system, it registers itself in the system’s auto-start and [pretends to be] a popular application, such as uTorrent.
Distributed under the guise of Tor Browser, the malware operates by replacing a portion of the entered clipboard contents with the cybercriminal’s own wallet address once it detects a wallet address in the clipboard. While this technique has been around for more than a decade and was originally used by banking trojans to replace bank account numbers, with the rise of cryptocurrency this new type of malware is now actively targeting crypto owners and traders.
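The clipboard-substitution behaviour described above leaves a recognisable trace: a wallet address is copied and, a few milliseconds later, the clipboard holds a different address of the same coin family. The following added example (not Kaspersky's code or any part of the reported malware) runs a simple detector over a constructed clipboard history; the address regexes are approximate and are an assumption for illustration, not authoritative validators.

```python
import re
from typing import Optional

# Approximate address formats for the coins named in the article
# (assumption: illustrative patterns, not authoritative validators).
ADDRESS_PATTERNS = {
    "bitcoin":  re.compile(r"^(?:[13][a-km-zA-HJ-NP-Z1-9]{25,34}|bc1[a-z0-9]{39,59})$"),
    "ethereum": re.compile(r"^0x[0-9a-fA-F]{40}$"),
    "litecoin": re.compile(r"^(?:[LM][a-km-zA-HJ-NP-Z1-9]{26,33}|ltc1[a-z0-9]{39,59})$"),
    "dogecoin": re.compile(r"^D[5-9A-HJ-NP-U][a-km-zA-HJ-NP-Z1-9]{32}$"),
    "monero":   re.compile(r"^4[0-9AB][1-9A-HJ-NP-Za-km-z]{93}$"),
}

def classify_address(text: str) -> Optional[str]:
    """Return the coin family a clipboard string looks like, or None."""
    s = text.strip()
    for family, pattern in ADDRESS_PATTERNS.items():
        if pattern.match(s):
            return family
    return None

def detect_clipper_swaps(snapshots, max_gap=0.5):
    """Flag consecutive snapshots where one wallet address was replaced by a
    different address of the same family within max_gap seconds. A user rarely
    copies two addresses that quickly; a clipper does it on every copy."""
    events = []
    for (t0, a), (t1, b) in zip(snapshots, snapshots[1:]):
        fam_a, fam_b = classify_address(a), classify_address(b)
        if fam_a and fam_a == fam_b and a.strip() != b.strip() and (t1 - t0) <= max_gap:
            events.append({"family": fam_a, "copied": a.strip(),
                           "swapped_to": b.strip(), "gap_s": round(t1 - t0, 3)})
    return events

# Constructed clipboard history as (seconds, clipboard text); none of these
# strings are real wallets.
SAMPLE_HISTORY = [
    (0.00, "meeting notes for tuesday"),
    (1.00, "1ConstructedVictimAddrXXXXXXXXXX"),   # user copies their BTC address
    (1.05, "1ConstructedThiefAddrYYYYYYYYYYY"),   # replaced 50 ms later
    (9.00, "0x" + "deadbeef" * 5),                # user copies an ETH address
    (9.02, "0x" + "0badf00d" * 5),                # replaced 20 ms later
    (30.0, "1ConstructedVictimAddrXXXXXXXXXX"),   # ordinary re-copy, no swap
    (45.0, "0x" + "deadbeef" * 5),
]

if __name__ == "__main__":
    for e in detect_clipper_swaps(SAMPLE_HISTORY):
        print(f"[{e['family']}] {e['copied']} -> {e['swapped_to']} after {e['gap_s']}s")
```

A real monitor would poll the OS clipboard instead of a list, but the decision logic (same family, different value, implausibly short gap) is the part worth alerting on.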